Cybersecurity Compliance Starter Kit (SOC 2 + NIST CSF)

Your SOC 2 audit prep doesn't need a $10,000 tool — it needs this spreadsheet and three policy stubs.

Every startup eventually gets The Email: 'Our enterprise client requires SOC 2 Type 1 compliance before we can proceed.' This kit is the structured starting point that would otherwise take 40+ hours to assemble: a TSC-mapped gap analysis spreadsheet with all 33 AICPA CC controls, three auditor-expected policy stubs (Access Control, Acceptable Use, Incident Response) at 800–1,200 words each, a 90-day Type 1 implementation roadmap, and a 35-item pre-auditor-call checklist. For internal preparation only — does not guarantee SOC 2 certification or audit success.

Key Features

✓Google Sheets gap analysis template — all 33 AICPA TSC CC controls with real control IDs, dropdown tracking, pre-filled evidence column, and completed sample row
✓Three policy stubs (ACP, AUP, IRP) — 800–1,200 words each with AICPA control mappings and adapt-before-use guidance
✓90-day SOC 2 Type 1 implementation roadmap — 4 phases from scoping to audit prep
✓35-item pre-auditor readiness checklist with scoring guide
✓NIST CSF 2.0 quick-map bonus tab for dual-framework alignment
✓Access Control Policy stub available as free sample on storefront

What's Inside

📦cyber-compliance-starter-kit.xlsx — Excel/Google Sheets gap analysis (3 tabs: Gap Analysis, NIST CSF 2.0 Quick-Map, Instructions)
📦policies/access-control-policy.pdf — ACP stub, 1,076 words, CC6.1/CC6.2/CC6.3 mapped (free sample)
📦policies/acceptable-use-policy.pdf — AUP stub, 1,089 words, CC1.1/CC6.1/CC6.6 mapped
📦policies/incident-response-policy.pdf — IRP stub, 1,198 words, CC7.1/CC7.2/CC7.3/CC7.4 mapped
📦90-day-compliance-roadmap.pdf — 4-phase roadmap with day-by-day guidance
📦compliance-checklist.pdf — 35-item checklist, 4 sections, scoring guide
📦README.md — usage instructions, scope expectations, disclaimer